oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

krb5: return KRB5KRB_AP_ERR_INAPP_CKSUM if PAC checksum fails

Browse Source 
Return KRB5KRB_AP_ERR_INAPP_CKSUM instead of EINVAL when verifying a PAC, if
the checksum is absent or unkeyed.
This commit is contained in:
Luke Howard
2021-09-17 13:57:57 +10:00
parent fd3f463152
commit cba3f9a563
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/krb5/pac.c
View File

@@ -495,13 +495,13 @@ verify_checksum(krb5_context context,
}
ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length);
if (ret != (int)cksum.checksum.length) {
ret = EINVAL;
ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
krb5_set_error_message(context, ret, "PAC checksum missing checksum");
goto out;
}
if (!krb5_checksum_is_keyed(context, cksum.cksumtype)) {
ret = EINVAL;
ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
krb5_set_error_message(context, ret, "Checksum type %d not keyed",
cksum.cksumtype);
goto out;